It indeed seems we overall agree. Even if I may not have always explicitly said 'Wi-Fi encryption' for convenience, that can be derived from context normally, though it's always hard to estimate how people interpret…
When testing our own Enterprise devices, VLANs were not used. This was done to understand the impact of client isolation on its own. For the university networks that we tested, I'd have to ask my co-author. But perhaps…
That should definitely help. You still have to double-check the IP routing tables between the VLANs, but most of the time, that should prevent attacks between SSIDs.
We don't have a CVE number. Whether devices/networks are affected also highly depends on the specific configuration of the device/network. This means that some might interpret some of the identified weaknesses as…
People who use or rely on client isolation want to prevent inter-client attacks, for whatever reason. We show that this can often be broken. This can be problematic when you have older hardware in your network that is…
I'm a co-author on the paper: I would personally not use the word break but instead bypass, to indeed clarify we can't just 'break' any network. We specifically target client isolation, which is nowadays often used, and…
I'm a co-author on the paper: I would personally indeed not use the phrase "we can break Wi-Fi encryption", because that might be misinterpreated that we can break any Wi-Fi network. What we can do is that, when an…
It indeed seems we overall agree. Even if I may not have always explicitly said 'Wi-Fi encryption' for convenience, that can be derived from context normally, though it's always hard to estimate how people interpret…
When testing our own Enterprise devices, VLANs were not used. This was done to understand the impact of client isolation on its own. For the university networks that we tested, I'd have to ask my co-author. But perhaps…
That should definitely help. You still have to double-check the IP routing tables between the VLANs, but most of the time, that should prevent attacks between SSIDs.
We don't have a CVE number. Whether devices/networks are affected also highly depends on the specific configuration of the device/network. This means that some might interpret some of the identified weaknesses as…
People who use or rely on client isolation want to prevent inter-client attacks, for whatever reason. We show that this can often be broken. This can be problematic when you have older hardware in your network that is…
I'm a co-author on the paper: I would personally not use the word break but instead bypass, to indeed clarify we can't just 'break' any network. We specifically target client isolation, which is nowadays often used, and…
I'm a co-author on the paper: I would personally indeed not use the phrase "we can break Wi-Fi encryption", because that might be misinterpreated that we can break any Wi-Fi network. What we can do is that, when an…